The Computer Oracle and Password System (COPS) was the first vulnerability scanner for Unix operating systems to achieve widespread use. It was created by Dan Farmer while he was a student at Purdue University. Gene Spafford helped Farmer start the project in 1989.
COPS is a software suite comprising at least 12 small vulnerability scanners, each programmed to audit one part of the operating system:
File permissions, including device permissions/nodesPassword strengthContent, format, and security of password and group files (e.g., passwd)Programs and files run in /etc/rc* and cron(tab) filesRoot-SUID files: Which users can modify them? Are they shell scripts?A cyclic redundancy check of important filesWritability of users' home directories and startup filesAnonymous FTP configurationUnrestricted TFTP, decode alias in sendmail, SUID uudecode problems, hidden shells inside inetd.conf, rexd in inetd.confVarious root checks: Is the current directory in the search path? Is there a plus sign ("+") in the /etc/host.equiv file? Are NFS mounts unrestricted? Is root in /etc/ftpusers?Compare the modification dates of crucial files with dates of advisories from the CERT Coordination CenterKuang expert systemAfter COPS, Farmer developed another vulnerability scanner called SATAN (Security Administrator Tool for Analyzing Networks).
COPS is generally considered obsolete, but it is not uncommon to find systems which are set up in an insecure manner that COPS will identify.
